
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 1 3- 1 450 
www.uspto.gov 



| ATTORNEY DOCKET NO. | CONFIRMATION NO. " 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



09/843,901 



04/27/2001 



27488 7590 06/28/2005 

MICROSOFT CORPORATION 
C/O MERCHANT & GOULD, L.L.C. 
P.O. BOX 2903 

MINNEAPOLIS, MN 55402-0903 



Scott R. Shell 



50037.20USU1 



9891 



EXAMINER 



HENNING, MATTHEW T 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 06/28/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/843,901 


Applicant(s) 

SHELL ET AL 


Examiner 

Matthew T. Henning 


Art Unit 

2131 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address » 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 26 April 2005 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
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4) [3 Claim(s) 1-28 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-28 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) [3 The drawing(s) filed on 27 April 2001 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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This action is in response to the communication filed on 4/26/2005. 
DETAILED ACTION 

1 . Claims 1-28 have been examined. 

2. All Objections and Rejections not specifically set forth below have been withdrawn. 

Title 

3. The title of the invention is acceptable. 

Priority 

4. The application has been filed under Title 35 U.S.C §119, claiming priority to US 
Provisional Application 60/269,737, filed February 16, 2001. 

5. The effective filing date for the subject matter defined in the pending claims in this 
application is February 16, 2001. 

Information Disclosure Statement 

6. The information disclosure statement (IDS) submitted on 1/23/2003 is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information 
disclosure statement. 

Drawings 

7. The drawings filed on 04/27/2001 are acceptable for examination proceedings. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
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to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

9. Claims 1- 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rogers et al. 
(US Patent Number 6,301,484) hereinafter referred to as Rogers, and further in view of Win et 
al. (US Patent Number 6, 1 6 1 , 1 3 9) hereinafter referred to as Win. 

10. Regarding claim 1, Rogers disclosed a computer-implemented method for maintaining 
configuration information on a mobile device (See Rogers Abstract), comprising: receiving a 
message including a request associated with configuration information stored on the mobile 
device (See Rogers Col. 5 Lines 14-36); identifying the source of the received message from data 
associated with the received message (See Rogers Col. 4 Lines 13-17 authentication of which 
Rogers fails to disclose specific details); determining at least one configuration setting within the 
configuration information affected by the received message (See Rogers Col. 6 Lines 45-62); and 
processing the request associated with the configuration information (See Rogers Col. 5 Line 34- 
Col. 7 Line 30) but failed to disclose associating a security role with the received message based 
on the identified source of the received message; comparing the associated security role of the 
received message with a security privilege associated with the at least one configuration setting 
on the mobile device; and if the associated security role of the received message is in agreement 
with the security privilege associated with the at least one configuration setting on the mobile 
device, processing the request associated with the configuration information. 

Win teaches an authentication system in which a user is identified by a name and 
password (See Win Col. 6 Lines 20-24). 
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It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Win in the authentication of Rogers by providing a name 
and password with the configuration message in order to authenticate the message. This would 
have been obvious because the ordinary person skilled in the art would have been motivated to 
authenticate the message prior to processing the request. 

Win further teaches that in an authentication system, once a user is identified, a security 
role should be associated with the user, and this role should be used to determine whether a 
requested function should be executed or not (See Win Abstract), by checking whether the 
associated security role matches the security privileges of the request (See Win Col. 6 Lines 37- 
44 and Col 16 Lines 6-54). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Win in the configuration system of Rogers by associating a 
role to the authenticated message based on the authentication data and verifying access to each 
configuration setting based on a set of privileges associated with the role. This would have been 
obvious because the ordinary person skilled in the art at the time of invention would have been 
motivated to provide flexibility to the security of each configuration setting. 

11. Regarding claim 2, the combination of Rogers and Win. disclosed that associating the 
security role with the received message comprises assigning a particular security role based on 
the source of the message (See the rejection of claim 1 above). 

12. Regarding claim 3, the combination of Rogers and Win disclosed that the source of the 
message is identified from authentication and decryption of the received message (See the 
rejection of claim 1 above and Rogers Col. 4 Lines 13-17). 
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13. Regarding claim 4, the combination of Rogers and Win disclosed that the information 
within the message includes a shared key that identifies the source of the message (See the 
rejection of claim 1 above; ie name and password). 

14. Regarding claim 5, the combination of Rogers and Win disclosed that processing the 
request associated with the configuration information further comprises comparing the security 
role with another security privilege associated with a configuration service provider, the 
configuration service provider being responsible for managing the configuration information 
stored on the mobile device (See the rejection of claim 1 above and Win Col. 16 Lines 6-54 and 
Rogers Col. 7 Lines 21-28 wherein each feature code had its own privilege level which needed to 
be compared). 

15. Regarding claim 6, the combination of Rogers and Win disclosed that if the security role 
is not in agreement with the other security privilege the request is not processed (See Win Col. 8 
Lines 17-61). 

16. Regarding claim 7, the combination of Rogers and Win disclosed that if the security role 
is in agreement with the security privilege associated with the at least one configuration setting 
and with the other security privilege associated with the configuration service provider, the 
configuration service provider processes the request by accessing the configuration information 
(See Win Col. 8 Lines 17-61 and Rogers Col. 6 Line 63 - Col. 7 Line 6). 

17. Regarding claim 8, the combination of Rogers and Win disclosed a computer readable 
medium having computer executable components for managing security on a mobile device (See 
Rogers Abstract and further it is well known that processors execute computer instructions in 
order to function), comprising: a stored setting having an assigned security role that identifies a 
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privilege that an entity attempting to access the stored setting must satisfy in order to access the 
stored setting (See Win Col. 16 Lines 6-54 and Table 1); a router configured to receive a 
configuration message over a wireless communication link, the router being further configured to 
identify a source of the configuration message and assign a security role to the received 
configuration message based on the identified source (See the rejection of claim 1 above), the 
router being further configured to pass the configuration message to other components of the 
mobile device (See Rogers Fig. 1), the configuration message including an instruction that 
affects a configuration setting (See Rogers Col. 5 Lines 34-36); a configuration manager 
configured to receive the configuration message from the router and to parse the configuration 
message to identify the configuration setting affected by the configuration message (See Rogers 
Col. 6 Lines 46-62), the configuration manager being further configured to compare the assigned 
security role of the configuration message to security roles assigned to configuration settings 
stored on the mobile device (See the rejection of claim 1 above); wherein if the configuration 
setting identified in the configuration message identifies the stored setting, and wherein if the 
assigned security role has sufficient privilege to access the stored setting, the configuration 
manager causes the instruction that affects the configuration setting to be processed (See Win 
Col. 8 Lines 17-61). 

18. Regarding claim 9, the combination of Rogers and Win disclosed a configuration service 
provider configured to manage at least one configuration setting stored on the mobile device, and 
wherein the processing of the instruction is performed by the configuration service provider (See 
Rogers Col. 6 Line 63 - Col. 7 Line 6). 
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19. Regarding claim 10, the combination of Rogers and Win disclosed that the configuration 
service provider has an assigned security role that identifies a privilege that must be associated 
with an instruction that affects a configuration setting which the configuration service provider 
maintains (See Win Col. 8 Lines 17-61). 

20. Regarding claim 1 1, the combination of Rogers and Win disclosed that the configuration 
manager is further configured to determine if the instruction that affects the configuration setting 
is in agreement with the security role assigned to the configuration service provider that 
maintains the affected configuration setting, and if so, the configuration manager is further 
configured to pass the instruction to the configuration service provider to be handled (See Rogers 
Col. 6 Line 63 - Col. 7 Line 6 and Win Col. 8 Lines 17-61). 

21. Regarding claim 12, the combination of Rogers and Win disclosed that the configuration 
service provider determines if the instruction is in agreement with the security role assigned to 
the stored setting prior to processing the instruction, and if not, terminating the processing of the 
instruction (See Rogers Col. 6 Line 63 - Col 7 Line 6 and Win Col. 8 Lines 17-61). 

22. Claims 13-19 are rejected for the same reasons as claims 1-7 above and further because it 
is well known in the art that processors execute computer instructions in order to function (See 
Rogers Col. 8 Line 33 - Col. 9 Line 22). 

23. Regarding claim 20, the combination of Rogers and Win disclosed a computer readable 
medium within a mobile device, comprising: a data structure associated with a configuration 
setting being associated with a software component resident on the mobile device, the 
configuration service provider being responsible for managing the configuration setting (See the 
rejection of claim 1 above and Win Col. 16 Lines 6-54), wherein the data structure comprises: a 
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first field including a security role associated with the configuration setting, the security role of 
the configuration setting identifying a setting privilege which must be had in order to access the 
configuration setting (See Win Table 1 Function and Administrative Privilege Levels), a second 
field identifying an associated configuration service provider, the identity indicating an 
associated configuration service provider requesting information stored on the mobile device 
(See Win Col. 16 Lines 6-9 "Administrative Role ID"); a third field correlating a security role 
based on the identity of the associated configuration service provider, the security role of the 
configuration service provider identifying a provider privilege which must be had in order to . 
make use of the configuration service provider (See Win Col. 16 Lines 6-9 "Administrative 
Privilege"). 

24. Regarding claim 21, the combination of Rogers and Win disclosed a configuration 
message received over a wireless communication link between a source of the configuration 
message and the mobile device, the configuration message including an instruction to access the 
configuration setting, the instruction having an associated security role based on the source of the 
configuration message (See the rejection of claim 1 above). 

25. Regarding claim 22, the combination of Rogers and Win disclosed a configuration 
manager configured to cause the instruction to be processed if the security role of the instruction 
is in agreement with the security role of the configuration setting (See Win Col. 8 Lines 17-61). 

26. Regarding claim 23, the combination of Rogers and Win disclosed a configuration 
manager configured to cause the instruction to be processed if the security role of the instruction 
is in agreement with the security role of the configuration service provider (See Win Col. 8 Lines 
17-61). 
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27. Regarding claim 24, the combination of Rogers and Win disclosed a configuration 
manager configured to invoke the configuration service provider if the security role of the 
instruction is in agreement with the security role of the configuration service provider (See the 
rejection of claim 1 above; ie name and password), the configuration service provider being 
further configured to process the instruction if the security role of the instruction is in agreement 
wit the security role of the configuration setting (See Win Col. 8 Lines 17-61). 

28. Regarding claim 25, the combination of Rogers and Win disclosed that the first field 
further comprises a policy field that identifies the configuration setting as a policy setting (See 
Win Table 1 wherein it was inherent that because the settings were in the table, they were 
identified as policy settings). 

29. Regarding claim 26, the combination of Rogers and Win disclosed that the policy setting 
can only be modified by an instruction generated by a particular source (See Win Table 1 which 
showed that only certain sources can modify settings). 

30. Regarding claim 27, the combination of Rogers and Win disclosed that the particular 
source includes administrative privileges (See Win Table 1 Administrative Privilege Level). 

3 1 . Regarding claim 28, the combination of Rogers and Win disclosed that the policy setting 
may only be modified locally (See Win Col. 15 Paragraph 6 and Fig. 1 Element 114). 

Response to Amendment 

32. Applicant's arguments filed 4/26/2005 have been fully considered but they are not 
persuasive. 

33 . Applicant argues primarily that: 

I. Austin did not disclose all the limitations of claim 1. 
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II. Win did not disclose all the limitations of claim 20. 

III. There is no suggestion to combine Austin and Rogers. 

IV Austin and Rogers do not meet all the limitations of claim 8. 

V. Austin and Win cannot be combined in the manner suggested. 

VI. Austin and Win do not meet all the limitations of claims 21-24. 

34. Applicant's arguments with respect to claims 1-28 have been considered but are moot in 
view of the new ground(s) of rejection. 



Conclusion 

35. Claims 1-28 have been rejected. 

36. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 
The examiner can normally be reached on M-F 8-4. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Matthew Henning ^AZ SHEIKH 

Assistant Examiner SUPERVISORV oatc^ 
Art Unit 2,3! 

6/20/2005 ^'t»2100 



